Systems and methods including machine-learning models for detecting and mitigating malware

    Publication number: US11997131B1

    Publication date: 2024-05-28

    Application number: US17948980

    Application date: 2022-09-20

    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during the testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime, comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the action that has the least impact on the system, to maintain mission assurance.

    System and method for improving training program efficiency

    Publication number: US11985159B1

    Publication date: 2024-05-14

    Application number: US17884908

    Application date: 2022-08-10

    CPC classification number: H04L63/1441 G06Q10/06398 G09B9/003 H04L63/1416

    Abstract: A method for improving efficiency of a training program begins with a processor monitoring and adapting execution of a training exercise of the training program. The processor determines a training program effectiveness measure, including determining trainee skill improvement demonstrated during the training exercise, and monitoring and determining correctness and timeliness of trainee actions during the training exercise. The processor then determines a training program cost measure by determining a first monetary cost for the execution of the at least one training exercise, determining a second monetary cost associated with trainee man-hours for the training exercise, and generating the training program cost measure based on the first and second monetary costs. The processor then computes a ratio of the training program effectiveness measure to the training program cost measure.

    Systems and methods of application layer security

    Publication number: US11651081B1

    Publication date: 2023-05-16

    Application number: US16891559

    Application date: 2020-06-03

    Inventor: Judson Powers

    CPC classification number: G06F21/577 G06N20/00 G06F2221/033

    Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including: receiving, by a computer, state information generated by an executed application program; training, by the computer, a constraints model based on the state information; generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program; and applying, by the computer, the one or more constraints to the application program.

    Generating source code from binary files

    Publication number: US11567759B1

    Publication date: 2023-01-31

    Application number: US17361045

    Application date: 2021-06-28

    Abstract: Various computing technologies for reverse engineering platforms capable of outputting (including creating or generating) human-readable, high-level source code, such as C, Fortran, LISP, or BASIC, from various binary files, such as application binaries, executable binaries, or data binaries, in the original language in which they were developed pre-compilation. For example, some of such reverse engineering platforms can be programmed to disassemble binary files from different processor architectures, identify various code optimizations as compiler-introduced, reverse or unwind various compiler optimizations (de-optimize), and generate human-readable, high-level source code from the de-optimized data.

    Alert systems and methods for attack-related events

    Publication number: US11503064B1

    Publication date: 2022-11-15

    Application number: US16995458

    Application date: 2020-08-17

    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By considering the mission- and system-specific context when analyzing alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alerts, the server allows security personnel to prioritize responses and focus on the highest-value defense activities.

    Obfuscation for high-performance computing systems

    Publication number: US11461477B1

    Publication date: 2022-10-04

    Application number: US16838595

    Application date: 2020-04-02

    Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

    Systems and methods for cyber-physical threat modeling

    Publication number: US11444974B1

    Publication date: 2022-09-13

    Application number: US16661513

    Application date: 2019-10-23

    Abstract: Systems, methods, and products comprising an analytic server, which improves security of a unified system of distributed network infrastructure comprising a plurality of cyber-physical systems. The analytic server may instantiate a sub-attack tree for each cyber-physical system within the unified system. The analytic server may determine how the interconnection of the plurality of cyber-physical systems may affect the unified system's security. The analytic server may monitor systems and receive electronic notifications of alerts in real-time from devices in the plurality of cyber-physical systems. The analytic server may follow the logic of the attack tree model by traversing the attack tree from the bottom up and determine how the alerts from the cyber-physical systems may affect the distributed network infrastructure as a whole. The analytic server may generate reports comprising a list of the prioritized attacks and recommended actions to mitigate the attacks.

    Systems and methods for runtime enforcement of data flow integrity

    Publication number: US11010495B1

    Publication date: 2021-05-18

    Application number: US16168760

    Application date: 2018-10-23

    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a processor, which provides runtime enforcement of data flow integrity. The processor accesses the application binary file from the disk to execute an application and translates the application binary into an intermediate representation. The processor applies the logic of data flow integrity controls to the intermediate representation. Specifically, the processor identifies the vulnerable code in the intermediate representation. The processor applies data flow integrity controls to the vulnerable code. The processor adds simple instrumentation that only changes the application's behavior when unauthorized data tampering occurs, while preserving the application's normal behavior. When certain operations may cause unauthorized data tampering, the processor takes proper measures to stop the operations. The processor translates the intermediate representation back to machine code and replaces the original binary with the machine code.

    Systems and methods for signature-less endpoint protection against zero-day malware attacks

    Publication number: US11010472B1

    Publication date: 2021-05-18

    Application number: US16168722

    Application date: 2018-10-23

    Abstract: Disclosed herein are embodiments of systems, methods, and products providing real-time anti-malware detection and protection. The computer uses artificial intelligence techniques to learn and detect new exploits in real time and protect the full system from harm. The computer trains a first machine learning model for executable files. The computer trains a second machine learning model for non-executable files. The computer trains a third machine learning model for network traffic. The computer identifies malware using the various machine learning models. The computer restores to a clean, uncorrupted state using virtual machine technology. The computer reports the detected malware to a security server, such as a security information and event management (SIEM) system, by transmitting a detection alert message regarding the malware. The computer interacts with an administrative system over an isolated control network to allow the system administrator to correct the corruption caused by the malware.

    Multi-domain application execution management

    Publication number: US10909257B1

    Publication date: 2021-02-02

    Application number: US16460246

    Application date: 2019-07-02

    Abstract: An example method includes selecting, based at least on first and second policies, first and second containers in which to execute first and second applications, respectively. The example method further includes isolating execution of the first application in the first container, and isolating execution of the second application in the second container. The example method also includes applying, based at least on the first policy, a first group of security controls to the first application executing in the first container, wherein the first container defines a first domain in which the first application is executed, and applying, based at least on the second policy, a second group of security controls to the second application executing in the second container, wherein the second container defines a second domain in which the second application is executed.
